Telecommunications system and method for controlling privacy

ABSTRACT

A telecommunications system comprises at least one user and provides a first entity for storing information defining a privacy profile for at least one user. A second entity is arranged to store an association between at least one user and the first entity and the system is such that in response to a request for information relating to the user, the association stored in the second entity is used to identify the first entity so that a check can be made with respect to the privacy profile as to whether or not the requested information, can be provided.

FIELD OF THE INVENTION

The present invention relates to a method for controlling the privacy ofa user in a network and to a telecommunications network.

BACKGROUND OF THE INVENTION

Communication systems providing mobility for the users thereof areknown. A well known example of the mobile communication systems is thepublic land line mobile network (PLMN), a cellular communication networkbeing an example of the PLMN. Another example is a mobile communicationsystem that is based, at least partially, on use of communicationsatellites.

The mobile network apparatus and/or user equipment such as a mobilestation can be employed for provision of information regarding thegeographical location of the user equipment and thus the user thereof. Amobile user equipment and thus the user thereof can be positioned byvarious different techniques. For example, substantially accurategeographical location information that associates with a user equipmentcan be obtained based on the known satellite based GPS (GlobalPositioning System). More accurate location information can be obtainedthrough a differential GPS.

Another possibility is to use a location service that associates with acellular telecommunications system for the provision of the locationinformation. In this approach the cells or similar geographicallylimited radio access entities and associated controllers of thecommunication system are utilised in production of at least a roughlocation information estimate concerning the current location of themobile user equipment. To improve the accuracy of the locationinformation the communication system may be provided with specificlocation measurement units that provide more accurate data concerningthe location of a user equipment within the service area of the cellularsystem. It is also possible to determine geographical location when themobile user equipment is located within the coverage area of a visitedor “foreign” network. The visited network may be made capable oftransmitting the location of the mobile user equipment back to the homenetwork, e.g. to support services that are based on location informationor for the purposes of routing and charging.

The location data may be processed in a specific location service entitythat is implemented either within the cellular system or connectedthereto. The location data may also be processed in the user equipmentthat is provided with appropriate processing capacity. The locationservice entity provided by the communication system may serve differentclients via an appropriate interface.

The location information may be used for various purposes, such as forlocation of a mobile telephone that has made an emergency call, forlocating vehicles or given mobile subscribers and so on. In general, aclient such as user equipment or another entity wishing to receivelocation information regarding user equipment may send a request forsuch information to the location service provision entity. The locationservice provisioning entity will then process the request, obtain therequired data and generate an appropriate response.

An example of the provision of location information by a PLMN isdescribed in more detail in 3^(rd) Generation Partnership Project (3GPP)technical specifications, see e.g. 3GPP TS 23.271 version 4.2.0, titled“Functional stage 2 description of LCS”, June 2001.

According to the 3GPP specification a location service (LCS) serverentity referred to as a Gateway Mobile Location Center (GMLC) isprovided for managing the location services. The GMLC is for gatheringand storing various data that may be used in the provision of locationinformation for location service clients (LCS clients). The LCS Clientmay make use of that location information for variousservices/applications. A possible application comprises a LCS clientarranged to provide location information in response to a request fornon-call related location information. Such a request for locationinformation is referred to in the 3GPP specifications as a non-callrelated MT-LR (Mobile Terminated Location Request).

Use of a so called “Authorized UE List” has been proposed. This listcontains Mobile Subscriber ISDN (MSISDN) (ISDN—Integrated ServicesDigital Network) numbers or groups of MSISDNs which are authorised toinitiate a location information provision procedure. That is, MSISDNs orgroups of MSISDN are listed for which the LCS Client may issue anon-call related MT-LR. Separate lists of MSISDNs may be associated witheach distinct external or non-call related client identity. Locationinformation may be provided by the LCS server to the LCS client inresponse to a request for location information from a user with a MSISDNnumber that appears in the list.

The LCS Client who is external to the PLMN system may only be enabled tovalidly issue location information requests for those MSISDNs which arefound on the “Authorized UE List”. That is, the LCS clients request mayonly be responded for subscribers who subscribe to the location servicesprovided by the PLMN, as their MSISDNs would not otherwise appear on thelist.

Requests from the LCS Client are authenticated based on a combination ofa Client ID and password stored in a LCS Client profile at the LSCserver (e.g. the GMLC) and authorized based on the “Authorized UE List”.That is, the LCS client is authorised to receive location informationfrom the GMLC entity if the requesting user equipment (UE) is found fromthe list.

LCS clients are typically Application Service Providers (ASP) who arenot a part of the PLMN system.

One important issue in Mobile Location Services (MLS) is thesubscriber's privacy. In particular the user is able to define onlybroad privacy requirements which are stored in the home locationregister HLR. The current privacy requirements allow a user to definewhether or not the user's location information can be provided and if soto which clients. Currently these privacy requirements have been handledby Mobile Services Switching Centre (MSC), GMLC, and the mobile terminalbased on the information stored in the home location register. Forexample, Client screening is done in the GMLC (that is clients canrequest location information via the GMLC network operator) and in theMSC/VLR (that is clients can request for example a user's subscriber'slocation information) (VLR=Visitor Location Register).

The subscriber specific privacy parameter information is stored in theHLR and copied to VLR, if required. This information is generally calledLCS privacy parameters. The problem with the existing system is that itis limited and inflexible.

SUMMARY OF THE INVENTION

Embodiments of the present invention aim to address one or several ofthe above problems.

According to a first aspect of the invention, there is provided atelecommunications system comprising: at least one user; a first entityfor storing information defining a privacy profile for said at least oneuser; a second entity arranged to store an association between at leastone user and said first entity; wherein said system is such that inresponse to a request for information relating to said user, saidassociation stored in said second entity is used to identify said firstentity so that a check can be made with respect to the privacy profileas to whether or not the requested information can be provided.

According to a second aspect of the invention, there is provided amethod for controlling the privacy of a user in a telecommunicationssystem comprising the steps of: receiving a request for informationrelating to said user; obtaining information from a second entityidentifying a first entity, said first entity storing informationdefining a privacy profile for said user; and carrying out a check withrespect to the privacy profile as to whether or not the requestedinformation can be provided.

According to a third aspect of the present invention, there is providedan entity for use in a telecommunications system, said entity beingarranged to store information defining a privacy profile for at leastone user, said privacy profile comprising at least one of the followingtypes of information: information defining time when the information onthe user can be provided; information defining time when the informationon the user can not be provided; information defining locations of theuser when the information on the user can be provided; and informationdefining locations of the user when the information on the user can notbe provided.

According to a further aspect, there is provided a home locationregister for use in a telecommunication system, said home locationregister being arranged to store information for a plurality of usersidentifying for each user an entity, the or each entity being arrangedto store a privacy profile for the respective plurality of users.

BRIEF DESCRIPTION OF DRAWINGS

For better understanding of the present invention, and as to how thesame may be carried into effect, reference will now be made by way ofexample to the accompanying drawings in which:

FIG. 1 shows a system in which embodiments of the present invention canbe used ;

FIG. 2 shows an embodiment of the invention; and

FIG. 3 shows a method embodying the present invention; and

FIG. 4 illustrates a modified version of the method of FIG. 3.

DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION

Reference is made to FIG. 1 which is a simplified presentation of acellular system providing location services. It should be appreciatedthat even though the exemplifying telecommunications network shown anddescribed in more detail uses the terminology of the third generation(3G) UMTS (Universal Mobile Telecommunications System) public landmobile network (PLMN), the proposed solution can be used in any systemproviding mobile communications for users and some kind of locationinformation service. Examples of other telecommunications systemsinclude, without limiting to these, standards such as the GSM (GlobalSystem for Mobile communications) or various GSM based systems (such asGPRS: General Packet Radio Service), AMPS (American Mobile Phone System)or DAMPS (Digital AMPS), IMT 2000 (International MobileTelecommunications system 2000), i-phone and so on.

More particularly, FIG. 1 shows an arrangement in which base stations 3(only three shown for clarity) of the cellular system 1 provide radiocoverage areas i.e. cells 2. Each radio coverage area 2 is typicallyserved by a base station. It should be appreciated that one cell mayinclude more than one base station site. A base station apparatus orsite may also provide more than one cell. The shape and size of thecells 2 depend on the implementation and may be different from theillustrated shapes. The shape and size of the cells may also vary fromcell to cell. It should be appreciated that in some systems the basestation may be referred to as Node B.

Two user equipment such as mobile stations (MS) 6 are also shown. Itshall be appreciated that typically a number of user equipment will bein communication with each base station. Each base station is arrangedto transmit signals to and receive signals from the mobile userequipment (UE) 6 via a wireless interface. Likewise, the user equipment6 are able to transmit signals to and receive signals from the basestations.

Each of the base stations is connected to an access network controllersuch as a radio network controller (RNC) 7 of a UMTS terrestrial radioaccess network (UTRAN) or a base station controller of a GSM typesystem. The radio network controller may be connected to appropriatecore network entities of the cellular system, such as a MSC (mobileswitching centre) 8 and/or SGSN (serving general packet radio servicesupport node) 11, via a suitable interface arrangement.

The location of a mobile user equipment may vary in time as the userequipment is free to move within the coverage area of a base station andalso from a coverage area to another coverage area. The moderncommunication systems are capable of providing information regarding thegeographical location of a user equipment within the coverage areathereof. The geographical location may be defined on the basis of theposition of the mobile station relative to the base station(s) of themobile telecommunications network.

The geographical location of the user equipment may be defined, forexample, in X and Y co-ordinates or in latitudes and longitudes. Apossibility is to use the relation between defined radiuses and angles,e.g. based on the spherical coordinate system or alike. It is alsopossible to define the location of the base stations and/or mobilestations in vertical directions. For example, z co-ordinate may be usedwhen providing the location information in the vertical direction. Thevertical location may be needed e.g. in mountainous environments or incities with tall buildings.

Reference is made to FIG. 2 which shows in more detail the locationelements of a communications system. The base stations and radio networkcontrollers define a radio access network 14. Different networks haveequivalent elements.

The location service (LCS) functionality of the communication system isprovided by a Gateway Mobile Location Center (GMLC) entity 10. The GMLClocation service node 10 is for gathering and storing data that isrequired for the provision of the location information. The locationservice node 10 is arranged to receive via appropriate interface meansinformation concerning the location of the mobile user equipment fromthe cellular system.

The cellular system may be provided with various different means forprocessing information gathered from the cells and/or some otherparameters and/or for computing by processor means appropriatecalculations for determining and outputting the geographical location ofthe target user equipment. The location information may be obtained byusing one or more of the appropriate location techniques. At least apart of the location information may be provided based on informationprovided by system that is separate from the communication system, suchas by means of the Global Positioning System (GPS) or similar. Sincethere are various possibilities how to implement the location servicesin the cellular system and since the invention is not dependent on theused location determination technology, these are not be described inany greater detail herein.

In order to be able to separate the user equipment from each other, thelocation service entity 10 is capable of processing at least one form ofidentifiers. The identity information may be provided e.g. by means of amobile subscriber ISDN number (MSISDN), an international mobilesubscriber identifier (IMSI) or a temporary identifier (such as atemporary international mobile subscriber identifier: TIMSI) of themobile user equipment, passwords, or any other form of identifier thatcan be reliably used for identifying a user equipment and/or a user.

The GMLC server 10 is arranged to receive location information from theradio access network 14 via appropriate controller entities such as theMSC 8 and/or SGSN (not shown) connected by the appropriate interfacemeans to the access network.

The GMLC 10 may provide the location information in a predefined mannerto a location services (LCS) client 12. A LCS Client 12 can be anyentity that makes use of the location information. The LCS client 12 canbe seen as a logical functional entity that may make a request to thelocation service entity 10 for the location information of one or moretarget user equipment. The LCS client 12 may be an entity that isexternal to the communication network, the client entity 12 beingprovided in an ASP domain 4. Examples of an ASP are Yahoo and Aktivist.The LCS client may also be an internal client (ILCS) i.e. reside in anyentity or node (including the mobile station) within the communicationsystem 1.

The LCS clients are entitled to receive at least some degree ofinformation concerning the location (or location history) of a targetuser equipment. The particular requirements and characteristics of a LCSClient are typically known to the location service server of thecommunication system by its LCS client subscription profile. This isdiscussed in more detail hereinafter.

The GMLC 10 may consist of components and bearers needed to serve theLCS client 12. The GMLC 10 may provide a platform which will enable thesupport of location based services in parallel with othertelecommunication services such as speech, data, messaging, otherteleservices, user applications and supplementary services. The GMLC 10may thus provide the client 12, on request or periodically, the currentor most recent geographic location (if available) of the target userequipment or, if the location fails, an error indication and optionallythe reason for the failure. A more detailed description of a LCS entitythat may be employed in the embodiments of the invention can be founde.g. from the above referenced 3GPP technical specification No. 3GPPTS23.271.

A home location register 20 is provided. The home location register maystore the same privacy parameters which are currently proposed.Alternatively or additionally, the home location register will store theaddress of an entity which stores privacy parameters for the user. Inpreferred embodiments of the present invention, the home locationregister does not include any privacy parameters. Rather, they arestored in the separate privacy entity referenced 22 in FIG. 2. Inparticular, the home location register 8 is arranged to include aprivacy reference address for each subscriber allocated for locationservices. This address is, in the described embodiment, for example theGT (global title) or the IP (internet protocol) address or any othersuitable address of the privacy policy holder entity 22. This entity 22may take the form of a server.

The privacy policy entity 22 can be provided internally or externally ofthe operator's network. Access to the privacy policy entity 22 can bevia an IP or SS7 based connection or by any other suitable type ofconnection.

The privacy policy entity 22 can store a detailed privacy policy for auser. For example, the privacy policy entity can store informationrelating to firstly whether or not the location of the user can beprovided to an LCS client. If so, the times when the location of theuser can be provided to the client can also be defined. The privacypolicy entity 22 can also store information defining those clients towhich location information can be sent. The user can also definelocations for example the user's home and/or office environment, inwhich the location of the user cannot be provided to a location client.The information stored can be in any suitable format. For example, thetimes when the location of the user can be sent to a client can bestored and/or the times when information cannot be sent to the clientcan be stored. Likewise, information can be stored defining the area inwhich when the user is located, information cannot be sent to the useror vice versa. The privacy policy entity 22 may also store informationdefining how accurate the location information may be for an LCS client,for example some LCS clients may only be able to obtain ID/Service areabased location information. The privacy policy entity stores informationas to who is the owner of the policy (profile) for each subscriber andwho is authorised to manage the settings. Communities can be introducedfor a subscriber or global communities can be defined which subscriberscan join. These communities can have certain privacy rules separatelyset by the community owner.

As a separate entity is provided for storing the privacy profile for auser, the profile can be as detailed as required. For example, theprivacy holder entity may store information which indicates that thelocation of the user can only be provided with the explicit consent of auser. In this case the verification may be required from the user beforeaccepting the original location request from the client/ASP andcompleting the privacy check. If a subscriber has set that notificationis needed in the privacy rules then the privacy policy entity shouldrequest notification additionally while making the privacy check. Theprivacy profile entity can be in separate network element. In someembodiments the functionality of the privacy policy entity can be addedto another network element e.g. GMLC.

Reference is made to FIG. 3 which illustrates the method embodying thepresent invention. In step S1, a user sends a service request message tothe client 12. The client 12 sends a location request, in step S2, tothe GMLC. The GMLC in step S3 authenticates the LCS client. If thatauthentication is successful, an SRI (send routing information) is sentin step S4 to the user's home location register 20. The SRI messagerequests the details of the MSC/SGSN in which a subscriber is currentlylocated. The home location register 20 in step S5 acknowledges therequest and provides the address or identification information for theprivacy policy entity 22. The home location register also provides thecurrent MSC/SGSN address. This acknowledgement and identificationinformation is sent to the GMLC 10. The GMLC, in step S6 sends a requestto the entity to check whether the location request received from theclient can be actioned. In this request all the available information ispassed which can for example be the Client ID, requester, MSID, QoS,request type (i.e. immediate, periodic) etc. The privacy policy entity22 will take into account the parameters defined by the user and seewhether or not the location request from the particular location client12 is allowable in view of that profile. The privacy policy entitysends, in step S7, a reply to the GMLC 10 indicating whether or notlocation information on the user can be provided. In that reply theremay also be information as to whether notification or privacyverification is needed to send to MS/UE. It should be appreciated thatat this point, the location of the user is not identified and as such,no check is made with respect to any location part of the definedprofile. This is because the level of location information available inthis point is only the MSC identity and/or the last known location ofthe subscriber. If this is the accepted level of accuracy defined thenthe location dependent privacy check can be performed also in thisstage. Otherwise the location check is not made in this stage.

In step S8, if it is determined that the privacy policy entity 22 hasnot provided a negative reply, a PSL (provider subscriber location)message is sent to the MSC/SGSN 8. In this message it could be indicatedthat privacy check is already done by GMLC or the privacy overrideindicator (POI) that is already defined in current standards is used.Here the new privacy check performed indication is preferred. This wouldresult that MSC/SGSN may not perform the privacy check. The PSL messagecould also include the information whether notification or verificationis needed or not. If the PSL message does not include this information,the GMLC should use the client identity that specifies if this to bedone. In current standards the system does not do verification ornotification if the POI is used. So in the case that the privacy checkindication is not received or POI not set, in step S9, the MSC 8 carriesout a basic privacy check as defined in 3GPP TS 23.271 chapter 9.5.

In step S10, a response is sent by the MSC to the GMLC which providesthe MSISDN of the user and its location.

If necessary, the further check is made to see whether or not thelocation of the user rules out that information being provided to theclient. To do this, the location information may be sent by the GMLC tothe privacy policy entity 22 in step S11. That will check the locationof the user against the defined areas. The privacy policy entity 22 willsend a reply to the GMLC which will indicate whether or not it isacceptable for the client to be provided with the location of the user.This takes place in step S12. If it is determined that the client can beprovided with the user's location, the next step is step S13 where theGMLC provides the client 12 with the location of the user. The client 12then, in step S14, provides the user with the required information.

In some arrangements, some GMLCs or the like may not support the use ofthe privacy policy entity. Accordingly, for these GMLCs steps S6 and S7may be omitted and replaced by an additional step which would send theprivacy check request after step S8. This additional step may be part ofstep S9. In the case that the GMLC or the like does not support the useof the privacy policy entity, a different entity such as the MSC couldsend the privacy check request on behalf of the GMLC.

If the user visits another network, then the address or the like of theprivacy policy entity should be copied to the VLR of the visitednetwork.

In one embodiment of the present invention, the HLR can in response to aservice request provide the GMLC with the address or the like of theprivacy policy entity. The GMLC can then communicate with the privacypolicy entity. In alternative embodiments of the present invention, theHLR may be arranged to communicate with the privacy policy entity 22.For example, the SRI request would be received by the home locationregister 20. In response to that request the home location register 20would carry out the required privacy check by communicating with theprivacy policy entity 22 directly.

It should be appreciated that depending on the user's privacy profile,more information may be required by the privacy policy entity 22 forindicating whether a location request is or is not allowable. Forexample, the identity of the client may be required, the location of theuser may be required etc. In those circumstances, the privacy policyentity would need to receive further information. In thosecircumstances, the privacy policy entity would send a reply indicatingthat the further information would be required before a decision couldbe given.

In preferred embodiments of the present invention, the GMLC has beendescribed as sending the privacy check requests. However, in alternativeembodiments of the present invention, other entities may provide thatrequest, for example, the SGSN or MSC or indeed any other suitableentity.

Reference is made to FIG. 4 which illustrates a modification to themethod shown in FIG. 3. The method illustrated in relation to FIG. 4 isarranged so as to take into account whether the location request is inresponse to a location request from the user. In particular, the usermay initiate a call or session and request a location based service froman LCS client. If the user has requested a location related service,there is no privacy problem in supplying the location information fromthe user to the LCS client. However, if the user is to, for example, tobe provided with an advertisement dependent on the location of the user,this would have to take into account the profile stored in the privacyprofile register.

In step T1, the LCS client sends a request to the GMLC. This correspondsto step S2 in FIG. 3. In step T2, an SRI (send routing information)message is sent to the user's home location register 22. This is thesame as step S4 in FIG. 3. It should be appreciated that the GMLC mayalso carry out authentication procedure as in the method illustrated inFIG. 3. Step T3 is the same as step S5 of FIG. 3. In step T4, the GMLCsends a request to the entity to check whether the location requestreceived from the client can be actioned. Again, is the same or similarto step S6.

In step T5, the privacy profile register 22 provides two responses. Oneresponse is call/session related. That is, the response indicatingwhether or not location information on the user can be provided willtake into account the fact that the user has requested the particularlocation service. However, there may be, for example, bars on the user'ssubscription which prevent the user from obtaining a particular locationservice. The second result assumes that the user has not initiated acall/session. It may well be that the call/session related response andthe call/session unrelated response may be different or the same.

In step T6, the GMLC 10 sends the provide subscriber location message tothe MSC or SGSN, depending on the network. This message can contain tworesults, one call/session related and second call/session unrelated.Depending on whether or not the user has initiated the call/session, oneof the two responses from the privacy profile holder 22 will be used.The remaining steps of FIG. 4 would be the same as steps S10 to S14 ofFIG. 3, taking into account the appropriate response from the privacyprofile register 22.

In one modification to the embodiment of the present invention, the GMLCmay have already received information either from the MSC/SGSN directlyor, for example from the LCS client indicating whether or not there is acall/session in place. If so, the GMLC request in step T4 would specifywhether or not there was a call/session in place. The privacy profileregister would then need only to provide a single response.

In one modification to the embodiment of the present invention, the GMLCmay receive information in the provide subscriber location responsemessage either from the MSC/SGSN indicating whether or not there is acall/session, in place. The GMLC can forward this information and thelocation information to the privacy profile register before sending theLCS response to the LCS client as in step S13. Based on call/sessioninformation and location information the privacy profile register canreject or approve the location request.

In yet another embodiment of the present invention, the response fromthe privacy profile register could instead be sent directly to theMSC/SGSN and not to the GMLC entity.

One further modification to the present invention will now be described.A concept called anonymous target subscriber has been proposed in thecontext of the location request procedure. In this concept the targetsubscriber can hide his true identity from LCS client (application). Inthis case the LCS service request is send from the LCS client to the LCSserver (GMLC) containing only the pseudonym of the target subscriber. Inone preferred modification to the present invention, it is possible forthe target subscriber to allow only location requests where the trueidentity of the target subscriber is hidden from the LCS client. Thetarget subscriber can be kept anonymous from the LCS client when the LSCservice request only contains the pseudonym of the target subscriber.

Embodiments of the present invention may be such that the subscriber canbe sure that only location requests where the true identity of thesubscriber is hidden shall be allowed. In an embodiment of the presentinvention, the target subscriber is able to use this anonymity as a partof his privacy profile, as discussed previously and to be used in theprivacy check.

This embodiment enhances the subscriber's privacy.

In the 3GPP Rel-6 the privacy check for the location request is made inthe Home PLMN either in the Home GMLC or in the privacy policy holder.This would mean that when this anonymous target subscriber concept isused, the H-GMLC or privacy policy holder should get the correspondinginformation when the anonymous LCS service request is send from the LCSclient, This information can be used in the privacy check. Also thesubscribers LCS privacy profile kept in the H-GMLC/PPR shall containthis new information that only anonymous location requests are allowedby that user and optionally the circumstances in which the anonymouslocation request are required and when they are not required.

Reference is made to the two third generation specifications LSC3GPP TS23.071 and LCS 3GPP TS 23.271 which currently define location requests.

Embodiments of the present invention have been described in the contextof privacy relating to location services. However, it should beappreciated that alternative embodiments of the present invention can beused with additional or alternative services such as presence servicesand other services which contain information about the subscriber, e.g.dating services. It should also be appreciated that general and specificinformation regarding the user, the subscriber, the client, ASP orservice may be stored in the profile data base. Thus the informationstored in the entity may define a user profile, a subscriber profile, aclient profile, an ASP profile or a service profile, these profiles mayor may not include privacy information. Where the information relates tothe client, the ASP or the service, there may be no information or theremay be information relating to a subscriber or a user.

It should be appreciated that when the user 3 roams to a differentnetwork, the so-called “visited network”, the information associatedwith that user is copied from the home location register 20 to thevisitor location register of the visited network. The check as towhether or not the user can receive the information is made in a MSC ofthe visited network using the information temporarily stored in the VLR.The visited network may access the privacy entity 22.

Whilst the invention has been particularly described herein withreference to MSCs and VLRS, the invention is not limited to such andapplies equally, for example to GPRS arrangements and consequentlySGSNs.

It should be appreciated that whilst embodiments of the presentinvention have been described in relation to user equipment such asmobile stations, embodiments of the present invention are applicable toany other suitable type of user equipment.

The entity which stores the address of the privacy entity is describedin preferred embodiments of the invention as being the HLR but inalternative embodiments of the invention can be provided in userequipment, mobile services switching centre or a mobile station. Theentity making the location request or the like is preferably the GMLC,SGSN or MSC but may in alternative embodiments be the HLR, mobilestation or, user equipment. The privacy entity may be a server, userequipment or mobile station.

The embodiment of the present invention has been described in thecontext of a third generation communication system. This invention isalso applicable to any other communication system.

It is also noted herein that while the above describes exemplifyingembodiments of the invention, there are several variations andmodifications which may be made to the disclosed solution withoutdeparting from the scope of the present invention as defined in theappended claims.

1. A telecommunications system, comprising: at least one user equipment;a privacy policy holder configured to store information defining aprivacy profile for at least one user associated with said at least oneuser equipment; and a home location register configured to store theaddress of the privacy policy holder and an association between said atleast one user and said privacy policy holder, wherein at least part ofsaid stored information defining said privacy profile is additional toinformation stored on said home location register, wherein said systemis configured so that in response to a request for information relatingto said user, said association stored in said home location register isused to identify said privacy policy holder so that a determination canbe made by said privacy policy holder with respect to the privacyprofile as to whether or not the requested location information can beprovided.
 2. The system as claimed in claim 1, further comprising: athird entity configured to receive said request for information.
 3. Thesystem as claimed in claim 2, wherein said third entity comprises atleast one of a gateway mobile location center, a serving general packetradio service support node, a home location register, a user equipment,a mobile station, or a mobile switching center.
 4. The system as claimedin claim 2, wherein said third entity is configured to obtain from thehome location register information identifying the privacy policyholder.
 5. The system as claimed in claim 2, wherein said third entityis configured to communicate with said privacy policy holder so that itcan be determined whether the requested information can be provided. 6.The system as claimed in claim 1, wherein said home location register isconfigured to communicate with said privacy policy holder to determinewhether the requested information can be provided.
 7. The system asclaimed in claim 1, wherein said privacy profile comprises at least oneof the following: information defining time when the information on theuser can be provided, information defining time when the information onthe user can not be provided, information defining locations of the userwhen the information on the user can be provided, information defininglocations of the user when the information on the user can not beprovided, information defining that the identity of said user is to behidden, information defining when and/or in what circumstances that theidentity of the user is to be hidden, information defining entities towhich information can be provided, or information defining entities towhich information can not be provided.
 8. The system as claimed in claim1, wherein said request for information comprises a location request. 9.The system as claimed in claim 1, wherein said request for informationis configured to be received from a further entity external to saidsystem.
 10. The system as claimed in claim 1, wherein said request forinformation is configured to be received from a further entity in saidsystem.
 11. The system as claimed in claim 9, wherein said furtherentity comprises a service provider.
 12. The system as claimed in claim1, wherein said privacy policy holder comprises at least one of aserver, a mobile station, or a user equipment.
 13. The system as claimedin claim 1, wherein said at least one user is a user equipment.
 14. Thesystem as claimed in claim 13, wherein said at least one user is amobile station.
 15. The system as claimed in claim 1, wherein saidprivacy policy holder is configured to carry out, when the privacypolicy holder requires further information to carry out saiddetermination, a further determination of whether said furtherinformation is available.
 16. The system as claimed in claim 1, whereinsaid privacy policy holder is configured to provide first informationand second information, said first information being usable when thereis a call/session and second information being usable when there is nocall/session.
 17. The system as claimed in claim 16, wherein said firstinformation is usable when there is a call/session related to a locationrequest and said second information is usable when there is nocall/session related to a location request.
 18. The system as claimed inclaim 2, wherein said privacy policy holder is configured to providefirst information and second information, said first information beingusable when there is a call/session and second information being useablewhen there is no call/session and wherein said first information andsecond information are configured to be sent to said third entity. 19.The system as claimed in claim 1, wherein said privacy policy holder isconfigured to receive information indicating whether there is acall/session and to provide information depending on whether there is acall/session.
 20. The system as claimed in claim 19, wherein saidinformation is configured to indicate whether there is a call/sessionrelated to a location request.
 21. The system as claimed in claim 19,wherein said privacy policy holder is configured to receive informationindicating whether there is a call/session from a mobile switchingcenter, a serving general packet radio support node, or a gateway mobilelocation center.
 22. The system as claimed in claim 19, wherein saidprivacy policy holder is configured to receive location information andthe information relating to said call/session after a positioningprocedure has been carried out.
 23. The system as claimed in claim 22,wherein, based on the location information and/or the informationrelating to the call/session, the privacy policy holder is configured toreject or approve the location request.
 24. The system as claimed inclaim 1, wherein the requested information is configured to be providedwithout providing the identity of the user.
 25. The system as claimed inclaim 1, wherein the requested information is configured to be providedwith a pseudonym of said user.
 26. A method, comprising: controlling theprivacy of a user in a telecommunications system; receiving a requestfor information relating to said user; obtaining an address from a homelocation register identifying a privacy policy holder, said privacypolicy holder storing information defining a privacy profile for saiduser wherein at least part of said stored information defining saidprivacy profile is additional to information stored on said homelocation register; and carrying out a determination at said privacypolicy holder with respect to the privacy profile as to whether or notthe requested location information can be provided.
 27. A home locationregister, configured to: operate in a telecommunication system; storeinformation for a plurality of users identifying for each user a privacypolicy holder, the or each privacy policy holder being configured tostore information defining a privacy profile for the respectiveplurality of users, wherein at least part of said stored informationdefining said privacy profile is additional to information stored onsaid home location register, and wherein the home location register isconfigured so that in response to a request for information relating tosaid user, said association comprising the address of the privacy policyholder stored in said home location register is used to identify saidprivacy policy holder so that a determination can be made by saidprivacy policy holder with respect to the privacy profile as to whetheror not the requested location information can be provided.
 28. The homelocation register as claimed in claim 27, wherein said home locationregister is configured to store for said plurality of users an addressof the privacy policy holder storing the privacy profile for therespective user.
 29. A telecommunications system, comprising: at leastone user equipment; a privacy policy holder configured to store aprivacy profile comprising information relevant for or related to atleast one user associated with said at least one user equipment; and ahome location register configured to store the address of the privacypolicy holder and an association between said at least one user and saidprivacy policy holder, wherein at least part of said stored informationon said privacy policy holder is additional to information stored onsaid home location register, and wherein, when there is a requestrelating to or from said user, said system is configured so that saidassociation stored in said home location register is used to identifysaid privacy policy holder so that a determination can be made by saidprivacy policy holder with respect to the stored location information toprovide a response in dependence on said stored information to saidrequest.
 30. A telecommunications system, comprising: at least one userequipment; a home location register configured to store a privacy policycomprising information defining a first profile for at least one userassociated with said at least one user equipment; and a privacy policyholder configured to store information defining a privacy profile forsaid at least one user, wherein said first profile comprises an addressof the privacy policy holder and an association between said user andsaid privacy policy holder, wherein at least part of said storedinformation defining said privacy profile is additional to informationstored in said first profile, and wherein said system is configured suchthat in response to a request for information relating to said user,said association in said first profile is used to identify said privacypolicy holder so that a determination can be made by said privacy policyholder with respect to the privacy profile as to whether or not therequested location information can be provided.
 31. The system asclaimed in claim 30, further comprising: a third entity configured tostore a copy of said first profile stored on said home locationregister, wherein in response to a request for information relating tosaid user, the association in said first profile stored on said furtherentity is configured to be used to identify said privacy policy holderstoring said information defining said privacy profile.
 32. Atelecommunications system, comprising: at least one user equipment meansfor equipping a user; a first storage means for storing informationdefining a privacy profile for at least one user associated with said atleast one user equipment means; and a second storage means for storingan association between said at least one user and said first storagemeans and an address of a privacy policy holder, wherein at least partof said stored information defining said privacy profile is additionalto information stored on said second storage means, wherein said systemis configured so that in response to a request for information relatingto said user, said association stored in said second storage means isused to identify said first storage means so that a determination can bemade by said first storage means with respect to the privacy profile asto whether or not the requested information can be provided.